Closed akshatd closed 2 years ago
From the README.md file, NetworkManager-l2tp starts its own instance of xl2tpd and if the system xl2tpd service is running, its own xl2tpd instance will not be able to use UDP port 1701, so will use an ephemeral port (i.e. random high port).
You can enable and start the system xl2tpd with :
sudo systemctl start xl2tpd.service
sudo systemctl enable xl2tpd.service
Coincidentally I'm working on a new release where you can click a check box to explicitly use an ephemeral port, it might be released this weekend.
Forgot to mention, changing rightprotoport=udp/l2tp
to rightprotoport=udp/%any
would not be correct for the client.
The issue on the NATed client end is with leftprotoport=udp/l2tp
, fortunately NetworkManager-l2tp only uses leftprotoport=udp/l2tp
if port 1701 is free (and starting the system xl2tpd as mentioned in the previous message no longer makes it free) :
Thanks a lot for your help! I tried to start the process like you suggested, but it ended up using port 0 and someone else on the NAT is already using port 0 so the connection failed again. If the release with the option of an ephemeral port is imminent, ill gladly wait till the release to test it out.
Commit# https://github.com/nm-l2tp/NetworkManager-l2tp/commit/c61828af8e941fe8a878a31021085cb127e0bd49 has the commit for the ephemeral source port GUI checkbox.
I suspect the recent commit will not help you as the xl2tpd instance that it starts up is still using a bind to port 0 which causes the kernel to select an unused port from the ephemeral port range.
On the client side when system xl2tpd is not running, port 1701 as source port (and destination port) is used for the L2TP connection as can be confirmed with netstat :
$ sudo netstat -u -n
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 192.168.0.74:1701 120.103.71.66:1701 ESTABLISHED
When system xl2tpd is running, an ephemeral port (random) source port is used :
$ sudo netstat -u -n
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 192.168.0.74:45575 120.103.71.66:1701 ESTABLISHED
The current issue you are having is with the IPsec server not allowing leftprotoport=udp/%any
(which is the same as leftprotoport=udp/0
).
Usually left
is the client and right
is the server, but some docs have swapped them around. For example, the following libreswan page :
Some clients, notably older Windows XP and some macOS clients, use a random high port as source port. In those cases
rightprotoport=17/%any
can be used to allow all UDP traffic on the connection.
is incorrect, because like with netstat in the above examples, the source port is on the left and the destination port on the right. I believe the IPsec server probably should be using leftprotoport=udp/%any
and righprotoport=udp/l2tp
(instead of leftprotoport=udp/l2tp
and righprotoport=udp/%any
).
Are you able to change the IPsec server settings to leftprotoport=udp/%any
and righprotoport=udp/l2tp
?
I've just tested with iOS and macOS, both use an ephemeral port for the L2TP connection. The following is from the macOS command-line :
% sudo netstat -n
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp4 0 0 10.184.42.84.52589 120.103.71.66.1701
So just like with the Linux case above, leftprotoport=udp/%any
and righprotoport=udp/l2tp
would be required on the server side to support iOS and macOS.
NetworkManager-l2tp version 1.20.0 with the ephemeral port checkbox has been released. But as mentioned it is the leftprotoport
and righprotoport
configuration on the server side that needs to be fixed.
I assume it is now working for you based on your silence. I will close this issue, if you ever need it re-opened reply and I will re-open.
Summary
Hi, am trying to connect an L2Tp VPN using NetworkManager, but it forces the use of port 1701 during the "Quick Mode proposal", and so if two machines behind the same NAT try to use it at the same time, the connection fails with the error message "cannot install eroute -- it is in use for "l2tp-psk"[49] x.x.x.x #223" on the VPN Server.
One of the machines that proposes the port 1701 is a windows server 2019, and i cannot change its settings, so I was trying to see if I can change the ipsec configuration on my side. If only the windows server is connected or if only my linux machine is connected, then the VPN connects just fine. However, if any of these machines tries to connect while the other one is already connected, it fails.
This happens with both libreswan and strongswan
Things I have tried
rightprotoport=17/%any
in/etc/ipsec.conf
underconn 7be1fd4b-5560-4b9d-82e3-4091ddf3f3f9
as described in the "L2TP/IPsec client configuration" section here, but that did not do anything, the port proposal is still the same/var/ru/nm-l2tp-7be1fd4b-5560-4b9d-82e3-4091ddf3f3f9/ipsec.conf
, so tried to edit that file and put therightprotoport=17/%any
option there, but that entire folder gets deleted once the VPN is disconnected and is re-generated during runtime so changing it doesnt workConfig
VPN Server configured using: https://github.com/hwdsl2/setup-ipsec-vpn
Linux VPN Client configured using: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#ubuntu-linux
My system:
uname -a
Packages installed:
pacman -Qe | grep network
pacman -Qe | grep swan
My connection file:
cat /etc/NetworkManager/system-connections/new.nmconnection
[vpn] gateway=vpn-server-addr.org ipsec-enabled=yes ipsec-esp=aes128-sha1 ipsec-ike=aes128-sha1-modp2048 ipsec-psk=some-psk password-flags=1 user=user@company.com service-type=org.freedesktop.NetworkManager.l2tp
[ipv4] dns-search= method=auto
[ipv6] addr-gen-mode=stable-privacy dns-search= method=auto
[proxy]
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[52] #247: responding to Main Mode from unknown peer :500
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[52] #247: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[52] #247: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[52] #247: Peer ID is ID_IPV4_ADDR: '192.168.0.112'
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[52] #247: switched from "l2tp-psk"[52] to "l2tp-psk"
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[57] #247: Peer ID is ID_IPV4_ADDR: '192.168.0.112'
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[57] #247: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_128 integ=HMAC_SHA1 group=MODP2048}
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[57] #247: the peer proposed: /32:17/1701 -> 192.168.0.112/32:17/0
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[57] #247: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[57] #248: responding to Quick Mode proposal {msgid:a4940b12}
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[57] #248: us: 192.168.100.2[]:17/1701
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[57] #248: them: [192.168.0.112]:17/1701
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[57] #248: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xc67f5d22 <0xef5cd554 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=192.168.0.112 NATD=:4500 DPD=active}
Oct 1 06:22:35 hq-vpn pluto[443976]: "l2tp-psk"[57] #248: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xc67f5d22 <0xef5cd554 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=192.168.0.112 NATD=:4500 DPD=active}
Oct 01 14:22:30 NetworkManager[3301]: [1633069350.6009] audit: op="statistics" interface="enp4s0f3u1u2" ifindex=4 args="2000" pid=1293 uid=1000 result="success"
Oct 01 14:22:30 NetworkManager[3301]: [1633069350.6166] audit: op="statistics" interface="wlp3s0" ifindex=3 args="2000" pid=1293 uid=1000 result="success"
Oct 01 14:22:32 NetworkManager[3301]: [1633069352.2432] audit: op="connection-activate" uuid="c9bc3ec7-4541-4eba-93e7-f209455c12d8" name="new" pid=1293 uid=1000 result="success"
Oct 01 14:22:32 NetworkManager[3301]: [1633069352.2473] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",0]: Started the VPN service, PID 6500
Oct 01 14:22:32 NetworkManager[3301]: [1633069352.2571] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",0]: Saw the service appear; activating connection
Oct 01 14:22:32 NetworkManager[3301]: [1633069352.2697] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",0]: VPN connection: (ConnectInteractive) reply received
Oct 01 14:22:32 nm-l2tp-service[6500]: Check port 1701
Oct 01 14:22:32 NetworkManager[6513]: Stopping strongSwan IPsec failed: starter is not running
Oct 01 14:22:34 NetworkManager[6510]: Starting strongSwan 5.9.3 IPsec [starter]...
Oct 01 14:22:34 NetworkManager[6510]: Loading config setup
Oct 01 14:22:34 NetworkManager[6510]: Loading conn 'c9bc3ec7-4541-4eba-93e7-f209455c12d8'
Oct 01 14:22:34 ipsec_starter[6510]: Starting strongSwan 5.9.3 IPsec [starter]...
Oct 01 14:22:34 ipsec_starter[6510]: Loading config setup
Oct 01 14:22:34 ipsec_starter[6510]: Loading conn 'c9bc3ec7-4541-4eba-93e7-f209455c12d8'
Oct 01 14:22:34 ipsec_starter[6521]: Attempting to start charon...
Oct 01 14:22:34 charon[6522]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.3, Linux 5.10.68-1-MANJARO, x86_64)
Oct 01 14:22:34 charon[6522]: 00[CFG] PKCS11 module '' lacks library path
Oct 01 14:22:34 charon[6522]: 00[LIB] plugin 'mysql' failed to load: libmariadb.so.3: cannot open shared object file: No such file or directory
Oct 01 14:22:34 charon[6522]: 00[CFG] attr-sql plugin: database URI not set
Oct 01 14:22:34 charon[6522]: 00[NET] using forecast interface wlp3s0
Oct 01 14:22:34 charon[6522]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Oct 01 14:22:34 charon[6522]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Oct 01 14:22:34 charon[6522]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Oct 01 14:22:34 charon[6522]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Oct 01 14:22:34 charon[6522]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Oct 01 14:22:34 charon[6522]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Oct 01 14:22:34 charon[6522]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Oct 01 14:22:34 charon[6522]: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Oct 01 14:22:34 charon[6522]: 00[CFG] loaded IKE secret for %any
Oct 01 14:22:34 charon[6522]: 00[CFG] sql plugin: database URI not set
Oct 01 14:22:34 charon[6522]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Oct 01 14:22:34 charon[6522]: 00[CFG] loaded 0 RADIUS server configurations
Oct 01 14:22:34 charon[6522]: 00[CFG] HA config misses local/remote address
Oct 01 14:22:34 charon[6522]: 00[CFG] no script for ext-auth script defined, disabled
Oct 01 14:22:34 charon[6522]: 00[LIB] loaded plugins: charon ldap pkcs11 aesni aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ntru drbg newhope bliss curl sqlite attr kernel-netlink resolve socket-default bypass-lan connmark forecast farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp radattr unity counters
Oct 01 14:22:34 charon[6522]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Oct 01 14:22:34 charon[6522]: 00[JOB] spawning 16 worker threads
Oct 01 14:22:34 charon[6522]: 05[IKE] installed bypass policy for 192.168.0.0/24
Oct 01 14:22:34 charon[6522]: 05[IKE] installed bypass policy for ::1/128
Oct 01 14:22:34 charon[6522]: 05[IKE] installed bypass policy for fe80::/64
Oct 01 14:22:34 charon[6522]: 05[IKE] interface change for bypass policy for 192.168.0.0/24 (from enp4s0f3u1u2 to wlp3s0)
Oct 01 14:22:34 charon[6522]: 05[IKE] interface change for bypass policy for fe80::/64 (from enp4s0f3u1u2 to wlp3s0)
Oct 01 14:22:34 ipsec_starter[6521]: charon (6522) started after 40 ms
Oct 01 14:22:34 charon[6522]: 11[CFG] received stroke: add connection 'c9bc3ec7-4541-4eba-93e7-f209455c12d8'
Oct 01 14:22:34 charon[6522]: 11[CFG] added configuration 'c9bc3ec7-4541-4eba-93e7-f209455c12d8'
Oct 01 14:22:35 charon[6522]: 05[CFG] rereading secrets
Oct 01 14:22:35 charon[6522]: 05[CFG] loading secrets from '/etc/ipsec.secrets'
Oct 01 14:22:35 charon[6522]: 05[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Oct 01 14:22:35 charon[6522]: 05[CFG] loaded IKE secret for %any
Oct 01 14:22:35 charon[6522]: 14[CFG] received stroke: initiate 'c9bc3ec7-4541-4eba-93e7-f209455c12d8'
Oct 01 14:22:35 charon[6522]: 15[IKE] initiating Main Mode IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] to
Oct 01 14:22:35 charon[6522]: 15[IKE] initiating Main Mode IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] to
Oct 01 14:22:35 charon[6522]: 15[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Oct 01 14:22:35 charon[6522]: 15[NET] sending packet: from 192.168.0.112[500] to [500] (240 bytes)
Oct 01 14:22:35 charon[6522]: 01[NET] received packet: from [500] to 192.168.0.112[500] (144 bytes)
Oct 01 14:22:35 charon[6522]: 01[ENC] parsed ID_PROT response 0 [ SA V V V ]
Oct 01 14:22:35 charon[6522]: 01[IKE] received FRAGMENTATION vendor ID
Oct 01 14:22:35 charon[6522]: 01[IKE] received DPD vendor ID
Oct 01 14:22:35 charon[6522]: 01[IKE] received NAT-T (RFC 3947) vendor ID
Oct 01 14:22:35 charon[6522]: 01[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Oct 01 14:22:35 charon[6522]: 01[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Oct 01 14:22:35 charon[6522]: 01[NET] sending packet: from 192.168.0.112[500] to [500] (372 bytes)
Oct 01 14:22:35 charon[6522]: 13[NET] received packet: from [500] to 192.168.0.112[500] (372 bytes)
Oct 01 14:22:35 charon[6522]: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Oct 01 14:22:35 charon[6522]: 13[IKE] local host is behind NAT, sending keep alives
Oct 01 14:22:35 charon[6522]: 13[IKE] remote host is behind NAT
Oct 01 14:22:35 charon[6522]: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Oct 01 14:22:35 charon[6522]: 13[NET] sending packet: from 192.168.0.112[4500] to [4500] (76 bytes)
Oct 01 14:22:35 charon[6522]: 07[NET] received packet: from [4500] to 192.168.0.112[4500] (76 bytes)
Oct 01 14:22:35 charon[6522]: 07[ENC] parsed ID_PROT response 0 [ ID HASH ]
Oct 01 14:22:35 charon[6522]: 07[IKE] IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] established between 192.168.0.112[192.168.0.112]...[]
Oct 01 14:22:35 charon[6522]: 07[IKE] IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] established between 192.168.0.112[192.168.0.112]...[]
Oct 01 14:22:35 charon[6522]: 07[IKE] scheduling reauthentication in 9963s
Oct 01 14:22:35 charon[6522]: 07[IKE] maximum IKE_SA lifetime 10503s
Oct 01 14:22:35 charon[6522]: 07[ENC] generating QUICK_MODE request 2761165586 [ HASH SA No ID ID NAT-OA NAT-OA ]
Oct 01 14:22:35 charon[6522]: 07[NET] sending packet: from 192.168.0.112[4500] to [4500] (252 bytes)
Oct 01 14:22:35 charon[6522]: 08[NET] received packet: from [4500] to 192.168.0.112[4500] (172 bytes)
Oct 01 14:22:35 charon[6522]: 08[ENC] parsed QUICK_MODE response 2761165586 [ HASH SA No ID ID ]
Oct 01 14:22:35 charon[6522]: 08[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Oct 01 14:22:35 charon[6522]: 08[IKE] CHILD_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8{1} established with SPIs c67f5d22_i ef5cd554_o and TS 192.168.0.112/32[udp/l2f] === /32[udp/l2f]
Oct 01 14:22:35 charon[6522]: 08[IKE] CHILD_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8{1} established with SPIs c67f5d22_i ef5cd554_o and TS 192.168.0.112/32[udp/l2f] === /32[udp/l2f]
Oct 01 14:22:35 charon[6522]: 08[ENC] generating QUICK_MODE request 2761165586 [ HASH ]
Oct 01 14:22:35 charon[6522]: 08[NET] sending packet: from 192.168.0.112[4500] to [4500] (60 bytes)
Oct 01 14:22:35 NetworkManager[6549]: initiating Main Mode IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] to
Oct 01 14:22:35 NetworkManager[6549]: generating ID_PROT request 0 [ SA V V V V V ]
Oct 01 14:22:35 NetworkManager[6549]: sending packet: from 192.168.0.112[500] to [500] (240 bytes)
Oct 01 14:22:35 NetworkManager[6549]: received packet: from [500] to 192.168.0.112[500] (144 bytes)
Oct 01 14:22:35 NetworkManager[6549]: parsed ID_PROT response 0 [ SA V V V ]
Oct 01 14:22:35 NetworkManager[6549]: received FRAGMENTATION vendor ID
Oct 01 14:22:35 NetworkManager[6549]: received DPD vendor ID
Oct 01 14:22:35 NetworkManager[6549]: received NAT-T (RFC 3947) vendor ID
Oct 01 14:22:35 NetworkManager[6549]: selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Oct 01 14:22:35 NetworkManager[6549]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Oct 01 14:22:35 NetworkManager[6549]: sending packet: from 192.168.0.112[500] to [500] (372 bytes)
Oct 01 14:22:35 NetworkManager[6549]: received packet: from [500] to 192.168.0.112[500] (372 bytes)
Oct 01 14:22:35 NetworkManager[6549]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Oct 01 14:22:35 NetworkManager[6549]: local host is behind NAT, sending keep alives
Oct 01 14:22:35 NetworkManager[6549]: remote host is behind NAT
Oct 01 14:22:35 NetworkManager[6549]: generating ID_PROT request 0 [ ID HASH ]
Oct 01 14:22:35 NetworkManager[6549]: sending packet: from 192.168.0.112[4500] to [4500] (76 bytes)
Oct 01 14:22:35 NetworkManager[6549]: received packet: from [4500] to 192.168.0.112[4500] (76 bytes)
Oct 01 14:22:35 NetworkManager[6549]: parsed ID_PROT response 0 [ ID HASH ]
Oct 01 14:22:35 NetworkManager[6549]: IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] established between 192.168.0.112[192.168.0.112]...[]
Oct 01 14:22:35 NetworkManager[6549]: scheduling reauthentication in 9963s
Oct 01 14:22:35 NetworkManager[6549]: maximum IKE_SA lifetime 10503s
Oct 01 14:22:35 NetworkManager[6549]: generating QUICK_MODE request 2761165586 [ HASH SA No ID ID NAT-OA NAT-OA ]
Oct 01 14:22:35 NetworkManager[6549]: sending packet: from 192.168.0.112[4500] to [4500] (252 bytes)
Oct 01 14:22:35 NetworkManager[6549]: received packet: from [4500] to 192.168.0.112[4500] (172 bytes)
Oct 01 14:22:35 NetworkManager[6549]: parsed QUICK_MODE response 2761165586 [ HASH SA No ID ID ]
Oct 01 14:22:35 NetworkManager[6549]: selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Oct 01 14:22:35 NetworkManager[6549]: CHILD_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8{1} established with SPIs c67f5d22_i ef5cd554_o and TS 192.168.0.112/32[udp/l2f] === /32[udp/l2f]
Oct 01 14:22:35 NetworkManager[6549]: generating QUICK_MODE request 2761165586 [ HASH ]
Oct 01 14:22:35 NetworkManager[6549]: connection 'c9bc3ec7-4541-4eba-93e7-f209455c12d8' established successfully
Oct 01 14:22:35 nm-l2tp-service[6500]: xl2tpd started with pid 6555
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Not looking for kernel SAref support.
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Using l2tp kernel support.
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: xl2tpd version xl2tpd-1.3.16 started on akshat-tp PID:6555
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Inherited by Jeff McAdams, (C) 2002
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Listening on IP address 0.0.0.0, port 1701
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Connecting to host , port 1701
Oct 01 14:22:35 NetworkManager[3301]: [1633069355.6161] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",0]: VPN plugin: state changed: starting (3)
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Connection established to , 1701. Local: 5199, Remote: 10148 (ref=0/0).
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Calling on tunnel 5199
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: Call established with , Local: 63394, Remote: 20464, Serial: 1 (ref=0/0)
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: start_pppd: I'm running:
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: "/usr/sbin/pppd"
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: "plugin"
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: "pppol2tp.so"
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: "pppol2tp"
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: "7"
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: "passive"
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: "nodetach"
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: ":"
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: "file"
Oct 01 14:22:35 NetworkManager[6555]: xl2tpd[6555]: "/var/run/nm-l2tp-c9bc3ec7-4541-4eba-93e7-f209455c12d8/ppp-options"
Oct 01 14:22:35 pppd[6556]: Plugin pppol2tp.so loaded.
Oct 01 14:22:35 pppd[6556]: Plugin /usr/lib/pppd/2.4.9/nm-l2tp-pppd-plugin.so loaded.
Oct 01 14:22:35 pppd[6556]: pppd 2.4.9 started by root, uid 0
Oct 01 14:22:35 pppd[6556]: Using interface ppp0
Oct 01 14:22:35 pppd[6556]: Connect: ppp0 <-->
Oct 01 14:22:35 pppd[6556]: Overriding mtu 1500 to 1400
Oct 01 14:22:35 pppd[6556]: Overriding mru 1500 to mtu value 1400
Oct 01 14:22:35 NetworkManager[3301]: [1633069355.6347] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/10)
Oct 01 14:22:36 NetworkManager[3301]: [1633069356.6148] audit: op="statistics" interface="enp4s0f3u1u2" ifindex=4 args="0" pid=1293 uid=1000 result="success"
Oct 01 14:22:36 NetworkManager[3301]: [1633069356.6201] audit: op="statistics" interface="wlp3s0" ifindex=3 args="0" pid=1293 uid=1000 result="success"
Oct 01 14:22:38 pppd[6556]: CHAP authentication succeeded: Access granted
Oct 01 14:22:38 pppd[6556]: CHAP authentication succeeded
Oct 01 14:22:38 pppd[6556]: Cannot determine ethernet address for proxy ARP
Oct 01 14:22:38 pppd[6556]: local IP address 192.168.42.24
Oct 01 14:22:38 pppd[6556]: remote IP address 192.168.42.1
Oct 01 14:22:38 pppd[6556]: primary DNS address 8.8.8.8
Oct 01 14:22:38 pppd[6556]: secondary DNS address 8.8.4.4
Oct 01 14:22:38 charon[6522]: 06[KNL] 192.168.42.24 appeared on ppp0
Oct 01 14:22:38 charon[6522]: 11[KNL] 192.168.42.24 disappeared from ppp0
Oct 01 14:22:38 charon[6522]: 01[KNL] 192.168.42.24 appeared on ppp0
Oct 01 14:22:38 charon[6522]: 07[KNL] interface ppp0 activated
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6497] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6505] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",0]: VPN connection: (IP4 Config Get) reply received from old-style plugin
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6509] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: VPN Gateway:
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6509] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: Tunnel Device: "ppp0"
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6509] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: IPv4 configuration:
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6510] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: Internal Address: 192.168.42.24
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6510] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: Internal Prefix: 32
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6510] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: Internal Point-to-Point Address: 192.168.42.1
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6510] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: Static Route: 0.0.0.0/0 Next Hop: 0.0.0.0
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6510] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: Static Route: 192.168.42.1/32 Next Hop: 0.0.0.0
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6510] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: Internal DNS: 8.8.8.8
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6511] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: Internal DNS: 8.8.4.4
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6511] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: DNS Domain: '(none)'
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6511] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: Data: No IPv6 configuration
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6511] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: VPN plugin: state changed: started (4)
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6520] vpn-connection[0x5561aaad2300,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",11:(ppp0)]: VPN connection: (IP Config Get) complete
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6525] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')
Oct 01 14:22:38 NetworkManager[3301]: [1633069358.6620] policy: set 'new' (ppp0) as default for IPv4 routing and DNS
Oct 01 14:22:38 charon[6522]: 15[NET] using forecast interface wlp3s0
Oct 01 14:22:38 charon[6522]: 15[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Oct 01 14:22:38 charon[6522]: 13[IKE] installed bypass policy for 192.168.0.1/32
Oct 01 14:22:38 charon[6522]: 13[IKE] installed bypass policy for 192.168.42.1/32
Oct 01 14:22:59 charon[6522]: 07[IKE] sending keep alive to [4500]
Oct 01 14:23:05 charon[6522]: 11[NET] received packet: from [4500] to 192.168.0.112[4500] (92 bytes)
Oct 01 14:23:05 charon[6522]: 11[ENC] parsed INFORMATIONAL_V1 request 2398335098 [ HASH N(DPD) ]
Oct 01 14:23:05 charon[6522]: 11[ENC] generating INFORMATIONAL_V1 request 1910383977 [ HASH N(DPD_ACK) ]
Oct 01 14:23:05 charon[6522]: 11[NET] sending packet: from 192.168.0.112[4500] to [4500] (92 bytes)
Oct 01 14:23:25 charon[6522]: 11[IKE] sending keep alive to [4500]
Oct 01 14:23:35 charon[6522]: 12[NET] received packet: from [4500] to 192.168.0.112[4500] (92 bytes)
Oct 01 14:23:35 charon[6522]: 12[ENC] parsed INFORMATIONAL_V1 request 3986403466 [ HASH N(DPD) ]
Oct 01 14:23:35 charon[6522]: 12[ENC] generating INFORMATIONAL_V1 request 1124458824 [ HASH N(DPD_ACK) ]
Oct 01 14:23:35 charon[6522]: 12[NET] sending packet: from 192.168.0.112[4500] to [4500] (92 bytes)
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[52] #249: responding to Main Mode from unknown peer :500
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[52] #249: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[52] #249: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[52] #249: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[52] #249: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[52] #249: Peer ID is ID_IPV4_ADDR: '192.168.0.142'
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[52] #249: switched from "l2tp-psk"[52] to "l2tp-psk"
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[58] #249: Peer ID is ID_IPV4_ADDR: '192.168.0.142'
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[58] #249: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[58] #249: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[58] #249: the peer proposed: /32:17/1701 -> 192.168.0.142/32:17/0
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[58] #249: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[58] #250: responding to Quick Mode proposal {msgid:00000001}
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[58] #250: us: 192.168.100.2[]:17/1701
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[58] #250: them: [192.168.0.142]:17/1701
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[58] #250: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0x4974127a <0xd8a6a58c xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.0.142 NATD=:12661 DPD=unsupported}
Oct 1 06:32:20 hq-vpn pluto[443976]: "l2tp-psk"[58] #250: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x4974127a <0xd8a6a58c xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.0.142 NATD=:12661 DPD=unsupported}
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[58] #251: responding to Main Mode from unknown peer :500
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[58] #251: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[58] #251: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[58] #251: Peer ID is ID_IPV4_ADDR: '192.168.0.112'
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[58] #251: switched from "l2tp-psk"[58] to "l2tp-psk"
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[59] #251: Peer ID is ID_IPV4_ADDR: '192.168.0.112'
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[59] #251: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_128 integ=HMAC_SHA1 group=MODP2048}
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[59] #251: the peer proposed: /32:17/1701 -> 192.168.0.112/32:17/0
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[59] #251: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[59] #252: responding to Quick Mode proposal {msgid:ef187325}
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[59] #252: us: 192.168.100.2[]:17/1701
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[59] #252: them: [192.168.0.112]:17/1701
Oct 1 06:33:09 hq-vpn pluto[443976]: "l2tp-psk"[59] #252: cannot install eroute -- it is in use for "l2tp-psk"[58] #250
Oct 1 06:33:11 hq-vpn sshd[460374]: Unable to negotiate with 107.189.12.48 port 54450: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Oct 1 06:33:13 hq-vpn pluto[443976]: "l2tp-psk"[59] #252: byte at offset 1 (29) of 'ISAKMP Hash Payload'.'reserved' is 0x02 but should have been zero (ignored)
Oct 1 06:33:13 hq-vpn pluto[443976]: "l2tp-psk"[59] #252: 55421-byte length of ISAKMP Hash Payload is larger than can fit
Oct 1 06:33:13 hq-vpn pluto[443976]: "l2tp-psk"[59] #252: malformed payload in packet
Oct 1 06:33:19 hq-vpn pluto[443976]: "l2tp-psk"[59] #251: received Delete SA payload: self-deleting ISAKMP State #251
Oct 1 06:33:19 hq-vpn pluto[443976]: "l2tp-psk"[59] #251: deleting state (STATE_MAIN_R3) aged 10.006s and sending notification
Oct 1 06:33:19 hq-vpn pluto[443976]: "l2tp-psk"[59] #251: expire pending child #252 STATE_QUICK_R0 of connection "l2tp-psk"[59] - the parent is going away
Oct 1 06:33:19 hq-vpn pluto[443976]: "l2tp-psk"[59] #252: deleting state (STATE_QUICK_R0) aged 9.983s and NOT sending notification
Oct 1 06:33:19 hq-vpn pluto[443976]: "l2tp-psk"[59] #252: ERROR: netlink response for Del SA esp.c4d4285e@ included errno 3: No such process
Oct 1 06:33:19 hq-vpn pluto[443976]: #252: deleting connection "l2tp-psk"[59] instance with peer {isakmp=#0/ipsec=#0}
Oct 01 14:33:00 NetworkManager[3301]: [1633069980.4792] audit: op="statistics" interface="enp4s0f3u1u2" ifindex=4 args="2000" pid=1293 uid=1000 result="success"
Oct 01 14:33:00 NetworkManager[3301]: [1633069980.4948] audit: op="statistics" interface="wlp3s0" ifindex=3 args="2000" pid=1293 uid=1000 result="success"
Oct 01 14:33:06 NetworkManager[3301]: [1633069986.7356] audit: op="connection-activate" uuid="c9bc3ec7-4541-4eba-93e7-f209455c12d8" name="new" pid=1293 uid=1000 result="success"
Oct 01 14:33:06 NetworkManager[3301]: [1633069986.7410] vpn-connection[0x5561aaad2510,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",0]: Started the VPN service, PID 6828
Oct 01 14:33:06 NetworkManager[3301]: [1633069986.7518] vpn-connection[0x5561aaad2510,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",0]: Saw the service appear; activating connection
Oct 01 14:33:06 NetworkManager[3301]: [1633069986.7641] vpn-connection[0x5561aaad2510,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",0]: VPN connection: (ConnectInteractive) reply received
Oct 01 14:33:06 nm-l2tp-service[6828]: Check port 1701
Oct 01 14:33:06 NetworkManager[6841]: Stopping strongSwan IPsec failed: starter is not running
Oct 01 14:33:07 NetworkManager[3301]: [1633069987.8862] audit: op="statistics" interface="enp4s0f3u1u2" ifindex=4 args="0" pid=1293 uid=1000 result="success"
Oct 01 14:33:07 NetworkManager[3301]: [1633069987.8906] audit: op="statistics" interface="wlp3s0" ifindex=3 args="0" pid=1293 uid=1000 result="success"
Oct 01 14:33:08 NetworkManager[6838]: Starting strongSwan 5.9.3 IPsec [starter]...
Oct 01 14:33:08 NetworkManager[6838]: Loading config setup
Oct 01 14:33:08 NetworkManager[6838]: Loading conn 'c9bc3ec7-4541-4eba-93e7-f209455c12d8'
Oct 01 14:33:08 ipsec_starter[6838]: Starting strongSwan 5.9.3 IPsec [starter]...
Oct 01 14:33:08 ipsec_starter[6838]: Loading config setup
Oct 01 14:33:08 ipsec_starter[6838]: Loading conn 'c9bc3ec7-4541-4eba-93e7-f209455c12d8'
Oct 01 14:33:08 ipsec_starter[6849]: Attempting to start charon...
Oct 01 14:33:08 charon[6850]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.3, Linux 5.10.68-1-MANJARO, x86_64)
Oct 01 14:33:08 charon[6850]: 00[CFG] PKCS11 module '' lacks library path
Oct 01 14:33:08 charon[6850]: 00[LIB] plugin 'mysql' failed to load: libmariadb.so.3: cannot open shared object file: No such file or directory
Oct 01 14:33:08 charon[6850]: 00[CFG] attr-sql plugin: database URI not set
Oct 01 14:33:08 charon[6850]: 00[NET] using forecast interface wlp3s0
Oct 01 14:33:08 charon[6850]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Oct 01 14:33:08 charon[6850]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Oct 01 14:33:08 charon[6850]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Oct 01 14:33:08 charon[6850]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Oct 01 14:33:08 charon[6850]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Oct 01 14:33:08 charon[6850]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Oct 01 14:33:08 charon[6850]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Oct 01 14:33:08 charon[6850]: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Oct 01 14:33:08 charon[6850]: 00[CFG] loaded IKE secret for %any
Oct 01 14:33:08 charon[6850]: 00[CFG] sql plugin: database URI not set
Oct 01 14:33:08 charon[6850]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Oct 01 14:33:08 charon[6850]: 00[CFG] loaded 0 RADIUS server configurations
Oct 01 14:33:08 charon[6850]: 00[CFG] HA config misses local/remote address
Oct 01 14:33:08 charon[6850]: 00[CFG] no script for ext-auth script defined, disabled
Oct 01 14:33:08 charon[6850]: 00[LIB] loaded plugins: charon ldap pkcs11 aesni aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ntru drbg newhope bliss curl sqlite attr kernel-netlink resolve socket-default bypass-lan connmark forecast farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp radattr unity counters
Oct 01 14:33:08 charon[6850]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Oct 01 14:33:08 charon[6850]: 00[JOB] spawning 16 worker threads
Oct 01 14:33:08 charon[6850]: 05[IKE] installed bypass policy for 192.168.0.0/24
Oct 01 14:33:08 charon[6850]: 05[IKE] installed bypass policy for ::1/128
Oct 01 14:33:08 charon[6850]: 05[IKE] installed bypass policy for fe80::/64
Oct 01 14:33:08 charon[6850]: 05[IKE] interface change for bypass policy for 192.168.0.0/24 (from enp4s0f3u1u2 to wlp3s0)
Oct 01 14:33:08 charon[6850]: 05[IKE] interface change for bypass policy for fe80::/64 (from enp4s0f3u1u2 to wlp3s0)
Oct 01 14:33:08 ipsec_starter[6849]: charon (6850) started after 20 ms
Oct 01 14:33:08 charon[6850]: 13[CFG] received stroke: add connection 'c9bc3ec7-4541-4eba-93e7-f209455c12d8'
Oct 01 14:33:08 charon[6850]: 13[CFG] added configuration 'c9bc3ec7-4541-4eba-93e7-f209455c12d8'
Oct 01 14:33:09 charon[6850]: 13[CFG] rereading secrets
Oct 01 14:33:09 charon[6850]: 13[CFG] loading secrets from '/etc/ipsec.secrets'
Oct 01 14:33:09 charon[6850]: 13[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Oct 01 14:33:09 charon[6850]: 13[CFG] loaded IKE secret for %any
Oct 01 14:33:09 charon[6850]: 01[CFG] received stroke: initiate 'c9bc3ec7-4541-4eba-93e7-f209455c12d8'
Oct 01 14:33:09 charon[6850]: 06[IKE] initiating Main Mode IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] to
Oct 01 14:33:09 charon[6850]: 06[IKE] initiating Main Mode IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] to
Oct 01 14:33:09 charon[6850]: 06[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Oct 01 14:33:09 charon[6850]: 06[NET] sending packet: from 192.168.0.112[500] to [500] (240 bytes)
Oct 01 14:33:09 charon[6850]: 07[NET] received packet: from [500] to 192.168.0.112[500] (144 bytes)
Oct 01 14:33:09 charon[6850]: 07[ENC] parsed ID_PROT response 0 [ SA V V V ]
Oct 01 14:33:09 charon[6850]: 07[IKE] received FRAGMENTATION vendor ID
Oct 01 14:33:09 charon[6850]: 07[IKE] received DPD vendor ID
Oct 01 14:33:09 charon[6850]: 07[IKE] received NAT-T (RFC 3947) vendor ID
Oct 01 14:33:09 charon[6850]: 07[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Oct 01 14:33:09 charon[6850]: 07[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Oct 01 14:33:09 charon[6850]: 07[NET] sending packet: from 192.168.0.112[500] to [500] (372 bytes)
Oct 01 14:33:09 charon[6850]: 08[NET] received packet: from [500] to 192.168.0.112[500] (372 bytes)
Oct 01 14:33:09 charon[6850]: 08[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Oct 01 14:33:09 charon[6850]: 08[IKE] local host is behind NAT, sending keep alives
Oct 01 14:33:09 charon[6850]: 08[IKE] remote host is behind NAT
Oct 01 14:33:09 charon[6850]: 08[ENC] generating ID_PROT request 0 [ ID HASH ]
Oct 01 14:33:09 charon[6850]: 08[NET] sending packet: from 192.168.0.112[4500] to [4500] (76 bytes)
Oct 01 14:33:09 charon[6850]: 09[NET] received packet: from [4500] to 192.168.0.112[4500] (76 bytes)
Oct 01 14:33:09 charon[6850]: 09[ENC] parsed ID_PROT response 0 [ ID HASH ]
Oct 01 14:33:09 charon[6850]: 09[IKE] IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] established between 192.168.0.112[192.168.0.112]...[]
Oct 01 14:33:09 charon[6850]: 09[IKE] IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] established between 192.168.0.112[192.168.0.112]...[]
Oct 01 14:33:09 charon[6850]: 09[IKE] scheduling reauthentication in 10212s
Oct 01 14:33:09 charon[6850]: 09[IKE] maximum IKE_SA lifetime 10752s
Oct 01 14:33:09 charon[6850]: 09[ENC] generating QUICK_MODE request 4011356965 [ HASH SA No ID ID NAT-OA NAT-OA ]
Oct 01 14:33:09 charon[6850]: 09[NET] sending packet: from 192.168.0.112[4500] to [4500] (252 bytes)
Oct 01 14:33:13 charon[6850]: 10[IKE] sending retransmit 1 of request message ID 4011356965, seq 4
Oct 01 14:33:13 charon[6850]: 10[NET] sending packet: from 192.168.0.112[4500] to [4500] (252 bytes)
Oct 01 14:33:19 NetworkManager[6878]: Stopping strongSwan IPsec...
Oct 01 14:33:19 charon[6850]: 00[DMN] SIGINT received, shutting down
Oct 01 14:33:19 NetworkManager[6877]: initiating Main Mode IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] to
Oct 01 14:33:19 NetworkManager[6877]: generating ID_PROT request 0 [ SA V V V V V ]
Oct 01 14:33:19 NetworkManager[6877]: sending packet: from 192.168.0.112[500] to [500] (240 bytes)
Oct 01 14:33:19 NetworkManager[6877]: received packet: from [500] to 192.168.0.112[500] (144 bytes)
Oct 01 14:33:19 NetworkManager[6877]: parsed ID_PROT response 0 [ SA V V V ]
Oct 01 14:33:19 NetworkManager[6877]: received FRAGMENTATION vendor ID
Oct 01 14:33:19 NetworkManager[6877]: received DPD vendor ID
Oct 01 14:33:19 NetworkManager[6877]: received NAT-T (RFC 3947) vendor ID
Oct 01 14:33:19 NetworkManager[6877]: selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Oct 01 14:33:19 NetworkManager[6877]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Oct 01 14:33:19 NetworkManager[6877]: sending packet: from 192.168.0.112[500] to [500] (372 bytes)
Oct 01 14:33:19 NetworkManager[6877]: received packet: from [500] to 192.168.0.112[500] (372 bytes)
Oct 01 14:33:19 NetworkManager[6877]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Oct 01 14:33:19 NetworkManager[6877]: local host is behind NAT, sending keep alives
Oct 01 14:33:19 NetworkManager[6877]: remote host is behind NAT
Oct 01 14:33:19 NetworkManager[6877]: generating ID_PROT request 0 [ ID HASH ]
Oct 01 14:33:19 NetworkManager[6877]: sending packet: from 192.168.0.112[4500] to [4500] (76 bytes)
Oct 01 14:33:19 NetworkManager[6877]: received packet: from [4500] to 192.168.0.112[4500] (76 bytes)
Oct 01 14:33:19 NetworkManager[6877]: parsed ID_PROT response 0 [ ID HASH ]
Oct 01 14:33:19 NetworkManager[6877]: IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] established between 192.168.0.112[192.168.0.112]...[]
Oct 01 14:33:19 NetworkManager[6877]: scheduling reauthentication in 10212s
Oct 01 14:33:19 NetworkManager[6877]: maximum IKE_SA lifetime 10752s
Oct 01 14:33:19 NetworkManager[6877]: generating QUICK_MODE request 4011356965 [ HASH SA No ID ID NAT-OA NAT-OA ]
Oct 01 14:33:19 NetworkManager[6877]: sending packet: from 192.168.0.112[4500] to [4500] (252 bytes)
Oct 01 14:33:19 NetworkManager[6877]: sending retransmit 1 of request message ID 4011356965, seq 4
Oct 01 14:33:19 NetworkManager[6877]: sending packet: from 192.168.0.112[4500] to [4500] (252 bytes)
Oct 01 14:33:19 NetworkManager[6877]: establishing connection 'c9bc3ec7-4541-4eba-93e7-f209455c12d8' failed
Oct 01 14:33:19 charon[6850]: 00[IKE] deleting IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] between 192.168.0.112[192.168.0.112]...[]
Oct 01 14:33:19 charon[6850]: 00[IKE] deleting IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1] between 192.168.0.112[192.168.0.112]...[]
Oct 01 14:33:19 charon[6850]: 00[IKE] sending DELETE for IKE_SA c9bc3ec7-4541-4eba-93e7-f209455c12d8[1]
Oct 01 14:33:19 charon[6850]: 00[ENC] generating INFORMATIONAL_V1 request 3226531393 [ HASH D ]
Oct 01 14:33:19 charon[6850]: 00[NET] sending packet: from 192.168.0.112[4500] to [4500] (92 bytes)
Oct 01 14:33:19 charon[6850]: 00[IKE] uninstalling bypass policy for 192.168.0.0/24
Oct 01 14:33:19 charon[6850]: 00[IKE] uninstalling bypass policy for ::1/128
Oct 01 14:33:19 charon[6850]: 00[IKE] uninstalling bypass policy for fe80::/64
Oct 01 14:33:19 ipsec_starter[6849]: child 6850 (charon) has quit (exit code 0)
Oct 01 14:33:19 ipsec_starter[6849]:
Oct 01 14:33:19 ipsec_starter[6849]: charon stopped after 200 ms
Oct 01 14:33:19 ipsec_starter[6849]: ipsec starter stopped
Oct 01 14:33:19 nm-l2tp-service[6828]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Oct 01 14:33:19 NetworkManager[3301]: [1633069999.9754] vpn-connection[0x5561aaad2510,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",0]: VPN service disappeared
Oct 01 14:33:19 NetworkManager[3301]: [1633069999.9758] vpn-connection[0x5561aaad2510,c9bc3ec7-4541-4eba-93e7-f209455c12d8,"new",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'